Each quarter, KnowBe4 reports on the top-clicked phishing emails by subject line in three categories: subjects related to social media, general subjects, and ‘In the Wild’. We get those results from the millions of users who click on our Phish Alert Button to report real phishing emails and allow our team to analyze the results.
LinkedIn and Facebook Are Convincing Ploys
Nearly half of all social media-related phishing emails imitated LinkedIn messages. This is a trend we are seeing each quarter, likely because these emails are perceived as legitimately coming from a professional network. It’s a significant problem because many LinkedIn users have their accounts tied to their corporate email addresses.
The fall hiring season is very hot right now. With more than 20 million jobs posted, LinkedIn is the perfect way for scammers to trick users into becoming victims. We’ve also seen Facebook subject lines gaining traction, which isn’t a huge surprise as brand impersonation of the social network is surging.
Password Management Continues to Entice Clicks
Aside from social media-related messages, general subject lines related to password management were highest on the list once again. Another common theme is HR-related messages that mention benefits, organizational changes and staff review. In-the-wild attacks – those that were real phishing emails and not KnowBe4 templates – found the greatest success when they asked for action from the recipient or promised something of value.
See the Infographic with All Top Messages in Each Category for Last Quarter: